Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion constructor/signing.py
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ def verify_signature(self, installer_file: str | Path):
logger.error("Could not verify signature: PowerShell not found.")
return
command = (
f"$sig = Get-AuthenticodeSignature -LiteralPath {installer_file};"
f"$sig = Get-AuthenticodeSignature -LiteralPath '{installer_file}';"
"$sig.Status.value__;"
"$sig.StatusMessage"
)
Expand Down
2 changes: 1 addition & 1 deletion examples/azure_signtool/construct.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

name: Signed_AzureSignTool
version: 1.0.0
installer_type: exe
installer_type: [exe, msi]
channels:
- https://repo.anaconda.com/pkgs/main/
specs:
Expand Down
19 changes: 19 additions & 0 deletions news/1273-fix-msi-signing-spaces
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
### Enhancements

* <news item>

### Bug fixes

* Fix `AzureSignTool` signature verification failing for installer paths that contain spaces. (#1273)

### Deprecations

* <news item>

### Docs

* <news item>

### Other

* <news item>
23 changes: 23 additions & 0 deletions tests/test_signing.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
import sys

import pytest

from constructor.signing import AzureSignTool


@pytest.mark.skipif(sys.platform != "win32", reason="Windows only")
def test_azure_verify_signature_quotes_path_with_spaces(mocker):
"""Test that installer paths containing spaces are quoted in the PowerShell command."""
tool = AzureSignTool()
installer = r"C:\Users\runner\Some Product\foo.msi"

mocker.patch("constructor.signing.shutil.which", return_value="powershell")
mock_run = mocker.patch("constructor.signing.run")
mock_run.return_value.stderr = ""
mock_run.return_value.stdout = "0\nSignature verified.\n"

tool.verify_signature(installer)

# argv passed to run() is ["powershell", "-c", command]
command = mock_run.call_args.args[0][2]
assert f"-LiteralPath '{installer}'" in command
Loading